I wish to mount an SMB share on a common mount point for all users and auto mount it when it's accessed, like when you map a network drive to a common drive letter in a Windows environment and it just uses the user's login credentials for authentication.
Kerberos is not available, so I'm limited to NTLM for authentication. Also, the share can't be mounted during boot; it must be mounted on demand, because a network connection is not always available at boot time.
I figured I should be able to use cifscreds / pam_cifscreds to store CIFS credentials, but I'm still getting prompted for a password when the share is mounted, even when credentials are stored manually using cifscreds add -u myuser myserver or during login using pam_cifscreds.
The only thing that actually works as I would expect is when user2 accesses the share after it was mounted by user1, then user2 only sees whatever it has access to (if credentials are available).
This is how my system is configured so far:
/etc/fstab
//myserver/myshare$ /myshare cifs vers=3.0,sec=ntlmsspi,multiuser,cifsacl,noauto,nodev,nosuid,noserverino,user,x-gvfs-show 0 0
/etc/pam.d/common-auth
auth optional pam_cifscreds.so
/etc/pam.d/common-session
session required pam_keyinit.so
session optional pam_cifscreds.so host=myserver
Issue 1:
When the share is mounted from the command line using mount /myshare, the user gets prompted for a password, even if the user's CIFS credentials are available when keyctl show is executed.
This also makes it impossible to mount from the desktop or auto mount.
Issue 2:
When starting a desktop session, no CIFS credentials are available when keyctl show is executed.
But when logging in using SSH, CIFS credentials show up when keyctl show is executed, so pam_cifscreds seems not to be working at all when a desktop session is started.
Update1: Guess this is the probable cause: https://github.com/systemd/systemd/issues/1299